Principles of Model Checking

Solutions to exercise class 2
Verification of regular linear time properties
Prof. Dr. Joost-Pieter Katoen, Dr. Taolue Chen, and Ir. Mark Timmer
September, 21, 2012
Problem 1
1. An NFA that accepts the set of minimal bad prefixes:
q
0
q
1
q
2
q
3
(a ∨ b) ∧ c
(a ∧ b ∧ c) ∨ (a ∧ c)
a
b ∧ c
(b ∧ c)
a
c ∧ a
2. First we apply the TS ⊗/ construction, which yields:
¸s
0
, q
1
¸
¸s
3
, q
2
¸
α
¸s
1
, q
2
¸
γ
¸s
4
, q
2
¸
γ
¸s
5
, q
3
¸
β
α
β
1
A counterexample to TS [= P
safe
is given by the following initial path
fragment in TS ⊗/:
π

= ¸s
0
, q
1
¸ ¸s
3
, q
2
¸ ¸s
1
, q
2
¸ ¸s
4
, q
2
¸ ¸s
5
, q
3
¸
By projection on the state component, we get a path in the underlying
transition system TS:
π = s
0
s
3
s
1
s
4
s
5
with trace (π) = ¦a, b¦¦a, c¦¦a, b, c¦¦a, c¦¦a, b¦
Since π

reaches q
3
(a final state of /), trace (π) ∈ BadPref(P
safe
).
Hence, Traces
fin
(TS) ∩ BadPref(P
safe
) ,= ∅. By Lemma 3.25, this is
equivalent to TS ,[= P
safe
.
Problem 2
1. L
1
= ¦σ ∈ ¦A, B¦
ω
[ σ contains ABA infinitely often, but AA only finitely often¦
q
0
q
1
q
2
q
3
q
4
A, B
A B
A
B
A, B
B
B
2. L
2
= /((AB + C)

((AA + B)C)
ω
+ (A

C)
ω
)
q
0
q
4
q
1
q
2
q
3
A C A
B
B
A
A B
C
q
5
q
6
A C
C
A
Note: We allow more than one initial state! Formally, the automaton
outlined above is given by
/
2
= (¦q
0
, . . . , q
6
¦, ¦A, B, C¦, δ, ¦q
0
, q
5
¦, ¦q
3
, q
6
¦)
where δ is defined as shown in the picture.
2
Problem 3
Proof sketch: Use a product construction and distinguish three phases which
have to be repeated in an infinite successful run infinitely often:
1. Wait for the first component to visit a final state;
2. Wait for the second component to a visit final state;
3. Signal that phase 1 and phase 2 have been completed.
Let /
i
= (Q
i
, Σ, δ
i
, Q
0,i
, F
i
) for i = 1, 2. Then, we define / = (Q, Σ, δ, Q
0
, F),
where
• Q = Q
1
Q
2
¦1, 2, 3¦
• δ : QΣ → 2
Q
such that
δ ((q
1
, q
2
, 1), A) =


1
(q
1
, A) ¸ F
1
) δ
2
(q
2
, A) ¦1¦


1
(q
1
, A) ∩ F
1
) δ
2
(q
2
, A) ¦2¦

δ ((q
1
, q
2
, 2), A) =

δ
1
(q
1
, A) (δ
2
(q
2
, A) ¸ F
2
) ¦2¦

δ
1
(q
1
, A) (δ
2
(q
2
, A) ∩ F
2
) ¦3¦

δ ((q
1
, q
2
, 3), A) = δ
1
(q
1
, A) δ
2
(q
2
, A) ¦1¦
• Q
0
= Q
0,1
Q
0,2
¦3¦
• F = Q
1
Q
2
¦3¦
We have to prove that /
ω
(/) = /
ω
(/
1
) ∩ /
ω
(/
2
):
• Let σ = A
1
A
2
A
3
. . . ∈ /
ω
(/). Then, there exists an accepting run
of / of the form
(p
0
, q
0
, i
0
)
A
1
−−→ (p
1
, q
1
, i
1
)
A
2
−−→
such that i
k
= 3 for infinitely many k ≥ 0. But then, p
i
∈ F
1
and
q
j
∈ F
2
for infinitely many i, j by construction. Hence, the runs p
0
A
1
−−→
p
1
A
2
−−→ p
2
. . . and q
0
A
1
−−→ q
1
A
2
−−→ q
2
. . . are accepting runs for σ in /
1
and /
2
, respectively. Therefore σ ∈ /
ω
(/
1
) ∩ /
ω
(/
2
).
3
• Let σ = A
1
A
2
A
3
. . . ∈ /
ω
(/
1
) ∩ /
ω
(/
2
). Then, there exist accepting
runs p
0
A
1
−−→ p
1
A
2
−−→ p
2
. . . and q
0
A
1
−−→ q
1
A
2
−−→ q
2
. . . of σ in /
1
and /
2
,
such that p
i
∈ F
1
and q
j
∈ F
2
for infinitely many i, j. We obtain the
induced run of / on σ as follows:
(p
0
, q
0
, i
0
)
A
1
−−→ (p
1
, q
1
, i
1
)
A
2
−−→ (p
2
, q
2
, i
2
)
We need to prove that i
k
= 3 for infinitely many k ≥ 0.
Therefore, let i
k
= 3 for some k ≥ 0 (this happens at least once, as
it happens in every initial state). We prove that there exists a k

> k
such that i
k
′ = 3:
As p
n
∈ F
1
infinitely often, there exists a fragment p
k
, p
k+1
, . . . , p
k+l
such that p
k+l
∈ F
1
, l > 0 and p
j
/ ∈ F
1
for j = k+1, . . . , k+l−1. By
construction, i
k+l
= 2.
Analogously, q
n
∈ F
2
for infinitely many n. Thus there exists a
fragment q
k+l
, q
k+l+1
, q
k+l+2
, . . . , q
k+l+o
with o > 0 such that q
j
/ ∈ F
2
for j = k+l+1, . . . , k+l+o−1 and q
k+l+o
∈ F
2
. Then, by construction,
i
k+l+o
= 3. To conclude the proof, set k

= k+l+o.
4